10 changes: 8 additions & 2 deletions cmd/wallet/main.go
Expand Up @@ -150,12 +150,18 @@ func run(ctx context.Context, args []string) error {
if err := os.MkdirAll(filepath.Dir(*sockPath), 0o700); err != nil {
return fmt.Errorf("socket dir: %w", err)
}
// Set umask to 0o177 before Listen so the unix-domain socket
// is created as 0o600 atomically — no TOCTOU window between
// socket creation and a post-hoc Chmod.
oldMask := syscall.Umask(0o177)
listener, err := net.Listen("unix", *sockPath)
syscall.Umask(oldMask)
if err != nil {
return fmt.Errorf("listen %s: %w", *sockPath, err)
}
// Limit who can open the socket. 0600 means only the owning user can
// dial — same threat model as the identity file.
// Chmod is a belt-and-suspenders backup; the umask above covers
// the primary case. On the off-chance a platform doesn't apply
// umask to unix sockets, the explicit chmod is the fallback.
if err := os.Chmod(*sockPath, 0o600); err != nil {
logger.Printf("chmod socket: %v", err)
}
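Review bot: The fallback `os.Chmod` at the end of the hunk only logs its error, so in the one case the new comment names (a platform that does not apply the umask to unix sockets) a failed chmod leaves the listener serving on a socket with whatever mode the platform gave it. Since the chmod is now described as the safety net, it should fail closed unless the best-effort is deliberate: `listener.Close()` followed by `return fmt.Errorf("chmod socket: %w", err)` in place of the `logger.Printf` call. Separately, `syscall.Umask` changes the mask for the whole process, so any file or directory another goroutine creates between the two `Umask` calls also gets 0o177 applied; that is harmless only if `run` is still single-threaded at this point, which is not visible here, and a one-line comment stating that assumption would help. `syscall.Umask` is also not available on Windows, so this file presumably needs a unix build constraint if it does not already carry one. `run` starts and ends outside the hunk.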